All news with #eu ai act tag

📰 Over eight years GDPR set global data-protection norms, notably the 72-hour breach notification standard, but nearly 40% of announced EU fines by value are annulled or under appeal. Experts say large tech firms contesting fines isn’t surprising and that rulings provide practical guidance for compliance teams. As the EU’s AI Act and proposed GDPR reforms arrive, regulators must shore up procedural robustness while organisations adapt governance to evolving AI risks.

🔒 European policymakers are accelerating a push for greater tech sovereignty in response to shifting geopolitical trust and concerns over dependence on US and other foreign technologies. The debate spans legal, operational and supply-chain dimensions, with proposals under the EU’s Tech Sovereignty Package and revisions to procurement and the Cybersecurity Act. Achieving autonomy will require investment in local R&D, talent, interoperable systems and realistic timelines, while avoiding protectionist measures that stifle competition. The private sector must factor geopolitical risk into procurement to scale credible European alternatives.

🤖RSA Conference 2026 reframes AI from a single track to the event itself, with roughly 40% of sessions AI-weighted and artificial intelligence woven across identity, cloud, threat intelligence and human-focused tracks. CISOs face a dual mandate: accelerate AI adoption to remain competitive while protecting the enterprise from new attack surfaces such as RAG pipelines, vector databases, prompt injection and model inversion. Key priorities at RSAC include securing the AI stack, defining AI governance and compliance (including preparation for the EU AI Act), managing non‑human identities, mitigating shadow AI and AI-assisted coding risks, and preparing SOCs for autonomous remediation.

⚖️ The European Commission has opened formal proceedings under the Digital Services Act to examine whether X properly assessed risks before deploying the Grok AI tool, after reports it produced sexually explicit and potentially child sexual abuse material. UK and Californian authorities are conducting parallel probes, and regulators say these apparent harms “seem to have materialised.” X later restricted image-generation and editing to paid subscribers while it faces enforcement as a VLOP and a recent c120 million fine for DSA transparency breaches.

🔒 IBM and Palo Alto Networks are partnering to deliver a unified, AI-powered cybersecurity foundation across Northern Europe, helping enterprises reduce tool sprawl, improve visibility and accelerate compliance. Their integrated stack—Cortex XSIAM, Cortex Cloud, Prisma Access and IBM consulting—secures cloud, AI pipelines and hybrid work while automating SOC workflows. The program targets measurable ROI, faster detection and simplified policy management aligned to NIS2, DORA and the EU AI Act.

🛡️ Microsoft has been named an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense, highlighting its enterprise-ready security and governance capabilities for AI. The company emphasizes embedding security across AI apps, agents, platforms, and infrastructure using an identity-first, defense-in-depth approach. Key controls include Entra Agent ID, Microsoft Purview for real-time DLP and classification, Microsoft Defender for runtime protection, and governance tools such as Agent365 and Foundry. Built-in compliance support aligns with frameworks like EU AI Act, NIST AI RMF, and ISO 42001.

⚖️ The essay opposes a proposed ten‑year moratorium and an impending Executive Order that would bar states from regulating artificial intelligence, arguing this would cede power to a few dominant AI firms and undermine local consumer protections. It highlights growing state efforts in places like California, New York, Massachusetts, Utah, and Texas and rejects the industry claim that a regulatory patchwork would fatally stifle innovation. The authors advocate that the federal government should support state-led experimentation and fund public-interest AI models rather than preempt state authority, and note that the President signed an Executive Order shortly after publication.

🔎The European Commission has fined X €120 million for breaching transparency obligations under the Digital Services Act. A two‑year inquiry found X's paid 'blue checkmark' programme misleading because badges could be purchased without meaningful identity verification, and that its ad repository and researcher access practices lacked required transparency. X has 60 working days to fix the checkmark issue and 90 days to submit plans for ad and research improvements or face further penalties.

⚠️ The EU Council's decision to frame communications scanning as voluntary is being presented as a retreat from plans to weaken end-to-end encryption, but privacy experts warn the danger persists. Campaigners including Patrick Breyer and European Digital Rights (EDRi) say this effectively privatizes Chat Control, enabling companies to deploy error-prone, warrantless client-side scanning. For enterprises and CISOs the main concern is data leakage: false positives could expose confidential documents, code, or strategic plans to outside authorities without corporate consent.

🔒 European leaders, including Chancellor Friedrich Merz and President Emmanuel Macron, will attend a Berlin summit of digital ministers and IT experts expected to draw about 900 participants. The conference highlights concerns that US laws such as CLOUD Act and FISA 702 can compel US cloud providers to disclose data held in Europe, driving calls to reduce dependencies on non‑European vendors. Officials and industry leaders emphasise technological controls — notably strong encryption and customer-held keys — and the need for scalable European cloud alternatives while addressing regulatory and startup barriers.

🔐 The article argues that the traditional CISO role must evolve into a Chief Risk Architect, shifting focus from purely technical controls to enterprise resilience and business continuity. It emphasizes anticipating disruptions, minimizing operational impact, and demonstrating recovery capabilities to regulators, partners, and shareholders. Required skills now include risk quantification, ERM, threat detection, geopolitical awareness, and fluency with regulations like NIS2, DORA and the AI Act. It also stresses reporting to the board or CEO to gain strategic influence and attract future talent.

⚠️ ENISA reports the EU cyber threat landscape has worsened, identifying ransomware as the single most damaging threat due to widespread encryption and costly recoveries. By frequency, DDoS incidents dominate (77% of reported cases), though they typically cause shorter-lived outages. The agency's analysis of 4,875 incidents from July 2024 to June 2025 also highlights concentrated attacks on public administration and a rapid rise in AI-assisted social engineering.

⚖️ The European Court of Justice's General Court has dismissed a legal challenge seeking to annul the EU-US Data Privacy Framework (DPF), finding that, at the time of adoption, US law ensured an adequate level of protection for personal data transferred from the EU. Negotiated in July 2023, the DPF now stands as the main mechanism for transatlantic data flows, providing immediate relief to the European Commission and many businesses. Critics including Max Schrems and advocacy group NOYB have signalled likely appeals, meaning the ruling may not be the final word and legal uncertainty could continue.

🔒 A new CIISec survey finds 69% of security professionals believe current cybersecurity laws are insufficient. The annual State of the Security Profession report, compiled from CIISec members and the wider community, highlights a regulatory focus driven by recent legislation such as DORA, NIS2 and the EU AI Act. Respondents assign breach responsibility mainly to boards (91%), and indicate increasing support for senior management sanctions. CIISec's CEO urges improved collaboration, regulation literacy and clearer risk communication.